Cisco Value Chain Security Program cisco 


Protecting Customers Throughout the Solutions Life Cycle 


Value chain security continually assesses, monitors, and improves the security of the third parties who 
are part of our solutions’ life cycles. Our commitment is to strive to meet our customers’ integrity 
expectations. 


Our Approach: 


Security at every life cycle stage 


We strive to insert security at 
every stage of E 
the solutions life cycle -o : . - += . ed ig 


Layer security technology, 


physical security, logical, What You Can Expect from Cisco Value Chain Security 
rules-based Soe Nh and - Our solutions are genuine (not counterfeit) 
information security - Our solutions operate as customers direct them to and are not subject to tampering (not controlled/accessible by unknown parties) 


Cisco Value Chain Security Process 

We manage a coordinated program across our engineering, manufacturing, and technical 

Cisco collaboratively drives services teams, together with our global suppliers and channel partners to: 

security standards, policies, and « Retain Cisco products and solutions in controlled development, manufacturing, logistics, and channel 
environments, using approved processes and tools, software and hardware components 

- Limit introduction of malware and/or rogue raw materials 

- Develop technology, build devices, and deploy processes that make it more difficult 
to produce undetectable fake or altered Cisco solutions 


tools across the industry 


Cisco Value Chain Security Exposures Addressed 
- Tainted solutions 

- Counterfeit solutions 

« Misuse of intellectual property 

- Third party information security breach 


A trusted partner that assesses 
risk and effectively addresses 
security while enabling our 


customers’ business Cisco’s Layered Approach to Value Chain Security 
- Physical Security: Practices including camera monitoring, security checkpoints, alarms and electronic or biometric access control 
We earn your trust - Logical Security: Systematic, repeatable, and auditable operational security processes including 


encryption, materials and failure analysis segregation and scrap weight validation 

- Security Technology: Technical innovation to enhance counterfeit detection, terminate functionality, or identify non-authorized 
components or users including smart chips, data-extracting test beds, and proprietary holographic or intaglio security labels 

- Information Security: Data and information systems protection including remote access limitation, 
configuration management, network segmentation, multi-factor authentication and data classification 
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